Lucene search
K

2137 matches found

Nuclei
Nuclei
added 8 hours ago17 views

Everest Forms Pro <= 1.9.12 - Unauthenticated RCE via Calculation Formula Injection

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...

9.8CVSS6.5AI score0.40992EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/07/06 4:59 a.m.4 views

kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackh323 module. This vulnerability occurs in the DecodeQ931 function when processing a zero-length value from a packet. An integer underflow during a length calculation results in a large, incorrect value...

9.1CVSS5.9AI score0.00514EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 8:45 p.m.4 views

GHSA-5PMV-RX8R-WMV5 jxl-grid on 32-bit platforms has an out-of-bounds writes due to integer overflow

Summary On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in length calculation. Details & PoC The test listed below fail under miri with command cargo +nightly miri test --release -p jxl-grid Or you can use Address Sanitizer, which ignores...

7.3CVSS6.3AI score
Exploits0References3
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-723 Out-of-bounds Read in OpenCV

An out-of-bounds read was discovered in OpenCV before 4.1.1 OpenCV-Python before 4.1.0.25. Specifically, variable coarsestscale is assumed to be greater than or equal to finestscale within the calc/oclcalc functions in disflow.cpp. However, this is not true when dealing with small images, leading...

6.5CVSS6.5AI score0.01742EPSS
Exploits1References8
CVE
CVE
added 2026/06/27 9:22 a.m.26 views

CVE-2026-49414

CVE-2026-49414 is a local ASLR bypass in FreeBSD: the ELF image activator clears per-process ASLR preferences for setuid binaries after computing the PIE base, allowing an unprivileged local user to disable ASLR for a setuid PIE binary via procctl(2) before execve(2). This makes exploitation of a...

7.8CVSS5.8AI score0.00106EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/26 8:17 p.m.4 views

DEBIAN-CVE-2026-53312

In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Remove overflows on the invalidation path Since RISC-V supports a sign extended page table it should support a gather-end of ULONGMAX, but if this happens it will infinite loop because of the overflow. Also avoid...

5.5CVSS5.9AI score0.00112EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 7:41 p.m.7 views

EUVD-2026-39847

In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Remove overflows on the invalidation path Since RISC-V supports a sign extended page table it should support a gather-end of ULONGMAX, but if this happens it will infinite loop because of the overflow. Also avoid...

5.9AI score0.00112EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:21 p.m.4 views

GHSA-RM3J-F69W-WQMQ golang.org/x/crypto vulnerable to infinite loop on large channel writes

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...

9.1CVSS6AI score0.00466EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.5 views

CVE-2026-53171

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix arithmetic issues in dmalength dmalength derives DMA region usage from command stream values and updates regionsize: len = len + stride0 size0 + stride1 size1 regionsizeregion = max..., len + dma-offset Several...

8.8CVSS5.9AI score0.00137EPSS
Exploits0
EUVD
EUVD
added 2026/06/24 6:32 p.m.3 views

EUVD-2026-38881

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix macvlangetsize not reserving space for IFLAMACVLANBCCUTOFF macvlangetsize does not account for IFLAMACVLANBCCUTOFF, but macvlanfillinfo conditionally includes it when port-bccutoff != 1. This causes nlaputs32 to fail...

5.7AI score0.00168EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 6:32 p.m.3 views

EUVD-2026-38836

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic kvms390pciaifenable, kvms390pciaifdisable, and aenhostforward index the GAIT by manually multiplying the index with sizeofstruct zpcigaite. Since...

5.7AI score0.0018EPSS
Exploits0References7
NVD
NVD
added 2026/06/24 5:17 p.m.5 views

CVE-2026-53013

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix macvlangetsize not reserving space for IFLAMACVLANBCCUTOFF macvlangetsize does not account for IFLAMACVLANBCCUTOFF, but macvlanfillinfo conditionally includes it when port-bccutoff != 1. This causes nlaputs32 to fail...

0.00168EPSS
Exploits0References5
OSV
OSV
added 2026/06/24 4:29 p.m.2 views

CVE-2026-53013 macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix macvlangetsize not reserving space for IFLAMACVLANBCCUTOFF macvlangetsize does not account for IFLAMACVLANBCCUTOFF, but macvlanfillinfo conditionally includes it when port-bccutoff != 1. This causes nlaputs32 to fail...

5.8AI score0.00168EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 4:29 p.m.7 views

CVE-2026-53013

The CVE-2026-53013 issue affects the Linux kernel macvlan netlink code. A bug in macvlan_get_size() did not reserve space for IFLA_MACVLAN_BC_CUTOFF, while macvlan_fill_info() would include that attribute when port-&gt;bc_cutoff != 1. As a result, nla_put_s32() could fail with -EMSGSIZE when the ...

5.7AI score0.00168EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: kexec: deriving the entry from the purgatory symbol The kexecloadpurgatory function derives image-start by locating eentry within an SHFEXECINSTR section. If the purgatory object contains multiple executable sections with...

5.5CVSS6.1AI score0.00123EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Media: ccs – Avoid possible division by zero Calculating the maximum value of M for scaler configuration involves dividing by the value of the MINXOUTPUTSIZE limit register. Although this value is presumably non-zero, the driver...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 7:14 a.m.33 views

CVE-2026-52934 batman-adv: tvlv: reject oversized TVLV packets

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tvlv: reject oversized TVLV packets batadvtvlvcontainerogmappend builds a TVLV packet section from the tvlv.containerlist. The total size of this section is computed by batadvtvlvcontainerlistsize, which sums the size...

8.8CVSS0.00247EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52005

Name of the Vulnerable Software and Affected Versions Linux kernel version 6.19.0-rc5 Description A null pointer dereference issue exists in the bpf lwt xmit push encap helper. The issue occurs because the skb- skb refdst variable may not be initialized when the socket buffer skb is set up by the...

6.1AI score0.00176EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-51727

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the batadv tvlv container list size function uses a u16 return type and accumulator. When the accumulated size of registered containers...

8.8CVSS5.9AI score0.00247EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.21 views

PT-2026-49341

Name of the Vulnerable Software and Affected Versions GStreamer affected versions not specified Description A flaw exists in the WavPack audio decoder within gst-plugins-good. An integer overflow occurs during the buffer size calculation 4 block samples channels inside the gst wavpack dec handle...

7.6CVSS6.1AI score0.0031EPSS
Exploits0References39
Rows per page
Query Builder